Merged tmakinen/puppet into master

Ossi Herrala 2015-06-23 16:37:57 +03:00
commit 43713bbf6e
24 changed files with 621 additions and 237 deletions


@ -1,3 +1,3 @@
<Directory "/srv/www/https/*/vsroom">
AllowOverride All
AllowOverride FileInfo
</Directory>


@ -87,3 +87,24 @@ class abusesa(
}
}
# Create AbuseSA htdocs root.
#
define abusesa::configwebhost() {
file { "/srv/www/https/${name}/abusesa":
ensure => directory,
mode => '0755',
owner => 'root',
group => 'root',
}
file { "/srv/www/https/${name}/abusesa/index.html":
ensure => present,
mode => '0644',
owner => 'root',
group => 'root',
content => '',
}
}


@ -85,13 +85,8 @@ class abusesa::live(
#
define abusesa::live::configwebhost($htdocs) {
if ! defined(File["/srv/www/https/${name}/abusesa"]) {
file { "/srv/www/https/${name}/abusesa":
ensure => directory,
mode => '0755',
owner => 'root',
group => 'root',
}
if ! defined(Abusesa::Configwebhost[$name]) {
abusesa::configwebhost { $name: }
}
file { "/srv/www/https/${name}/abusesa/live":
@ -111,7 +106,7 @@ define abusesa::live::configwebhost($htdocs) {
mode => '0644',
owner => 'root',
group => 'root',
content => "Redirect permanent /vsroom/ /abusesa/live/\n",
content => "RedirectMatch permanent /vsroom/overview/(index\.html)? /abusesa/live/\n",
}
}
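Review bot: The new `RedirectMatch` pattern in the second hunk is unanchored, and its `(index\.html)?` group can match nothing, so any request path that merely contains `/vsroom/overview/` is redirected to `/abusesa/live/`. If only the overview page itself should redirect, anchor both ends: `content => "RedirectMatch permanent ^/vsroom/overview/(index\\.html)?\$ /abusesa/live/\n",`. Puppet does not define `\.` as an escape in double-quoted strings, so writing it as `\\.` also avoids depending on how unknown escapes are passed through. The file resource this `content` belongs to starts above the hunk.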


@ -136,13 +136,8 @@ class abusesa::search(
#
define abusesa::search::configwebhost($htdocs) {
if ! defined(File["/srv/www/https/${name}/abusesa"]) {
file { "/srv/www/https/${name}/abusesa":
ensure => directory,
mode => '0755',
owner => 'root',
group => 'root',
}
if ! defined(Abusesa::Configwebhost[$name]) {
abusesa::configwebhost { $name: }
}
file { "/srv/www/https/${name}/abusesa/search":


@ -0,0 +1,55 @@
# Configure AbuseSA services.
#
class abusesa::services(
$allow_dn=undef,
$services=[],
$socketdir='/var/lib/abuserv/run',
) {
include user::system
realize(User['abuserv'], Group['abuserv'])
exec { 'usermod-abusesa-abuserv':
path => '/bin:/usr/bin:/sbin:/usr/sbin',
command => 'usermod -a -G abuserv abusesa',
unless => 'id -n -G abusesa | grep \'\babuserv\b\'',
require => [
User['abusesa'],
Group['abuserv'],
],
}
exec { 'usermod-nginx-abuserv':
path => '/bin:/usr/bin:/sbin:/usr/sbin',
command => 'usermod -a -G abuserv nginx',
unless => 'id -n -G nginx | grep \'\babuserv\b\'',
require => [
Class['nginx'],
Group['abuserv'],
],
}
file { [
'/var/lib/abuserv',
'/var/lib/abuserv/run',
]:
ensure => directory,
mode => '2770',
owner => 'abuserv',
group => 'abuserv',
}
file { '/var/lib/abuserv/.profile':
ensure => present,
mode => '0600',
owner => 'abuserv',
group => 'abuserv',
content => "umask 007\n",
}
include nginx
nginx::config { 'abusesa.conf':
content => template('abusesa/services/nginx.conf.erb'),
}
}
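Review bot: `$socketdir` is a class parameter, but the directory resource still hard-codes `/var/lib/abuserv/run`, so overriding the parameter points the nginx template at a directory this class never creates or sets to mode `2770`. Using the parameter in the resource title keeps the two in step: `file { [ '/var/lib/abuserv', $socketdir ]:`. The header comment documents none of `$allow_dn`, `$services` or `$socketdir`; a `# === Parameters` block in the style used on the ejabberd class would tell callers what each one controls.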


@ -0,0 +1,39 @@
log_format abusesa '$remote_addr - $http_x_remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" "$ssl_client_s_dn"';
server {
listen 8443;
access_log <%= scope.lookupvar('nginx::logdir') %>/abusesa.log abusesa;
ssl on;
ssl_verify_client on;
ssl_certificate <%= @puppet_ssldir %>/certs/<%= @homename %>.pem;
ssl_certificate_key <%= @puppet_ssldir %>/private_keys/<%= @homename %>.pem;
ssl_client_certificate <%= @puppet_ssldir %>/certs/ca.pem;
proxy_buffering off;
<% if @allow_dn -%>
if ($ssl_client_s_dn != "<%= @allow_dn %>") {
return 403;
}
<% end -%>
<% @services.each do |service|
dir, sep, sock = service.rpartition('/')
dir = @socketdir if dir.empty?
sockpath = File.join(dir, sock)
location = sock.gsub('.', '/')
-%>
location /<%= location %>/ {
proxy_pass http://unix:<%= sockpath %>:/;
}
<% end -%>
location / {
deny all;
}
}
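Review bot: With `allow_dn` left at its default the `if ($ssl_client_s_dn != ...)` block is not rendered, so the only gate on every proxied socket is `ssl_verify_client on` against `certs/ca.pem` under the Puppet ssldir, and any certificate that CA has issued is accepted. If that CA also signs agent certificates, every managed node could reach these services; consider making the parameter mandatory in `abusesa::services`, e.g. `if ! $allow_dn { fail('allow_dn must be set') }`, or documenting the open default. The exact-string comparison depends on how the running nginx formats `$ssl_client_s_dn`, which deserves a comment next to the check. `$http_x_remote_user` in the log format is a request header supplied by the client, so that log column should not be read as an authenticated identity.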


@ -23,6 +23,10 @@ class apache::common {
}
}
if ! $apache_maxclients {
$apache_maxclients = "256"
}
if $apache_datadir {
file { $apache_datadir:
ensure => directory,
@ -227,7 +231,7 @@ define apache::site($aliases="", $root="", $redirect="", $proxy="") {
class apache::sslserver inherits apache::common {
include user::system
case $::operatingsystem {
"debian","ubuntu": {
include apache::debian::sslserver
@ -491,6 +495,41 @@ class apache::proxy($port="8080",
}
# Configure Apache SSLProxy with key authentication.
#
class apache::sslproxy(
$ssl_key="${::puppet_ssldir}/private_keys/${::homename}.pem",
$ssl_cert="${::puppet_ssldir}/certs/${::homename}.pem",
$ssl_ca="${::puppet_ssldir}/certs/ca.pem",
) {
include ssl
$ssl_bundle = "${ssl::private}/apache-sslproxy.pem"
exec { 'generate-sslproxy-pem':
path => '/bin:/usr/bin:/sbin:/usr/sbin',
command => "/bin/sh -c 'umask 077 ; cat ${ssl_key} ${ssl_cert} > ${ssl_bundle}'",
creates => $ssl_bundle,
}
file { $ssl_bundle:
ensure => present,
mode => '0600',
owner => 'root',
group => 'root',
require => Exec['generate-sslproxy-pem'],
}
apache::configfile { 'sslproxy.conf':
http => false,
content => template('apache/sslproxy.conf.erb'),
require => File[$ssl_bundle],
}
}
# Install mod_auth_kerb.
#
class apache::mod::auth_kerb($servicename=undef) {
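Review bot: In `apache::sslproxy` the `generate-sslproxy-pem` exec is guarded only by `creates => $ssl_bundle`, so once the bundle exists it is never rebuilt and a renewed or replaced key or certificate keeps being served from the stale copy. The ejabberd class in this commit refreshes its bundle through `notify => Exec["generate-ejabberd-pem"]`; the equivalent here would be managing the inputs and making the exec `refreshonly => true`, or replacing `creates` with an `unless` that compares the bundle with its inputs. `$ssl_key` and `$ssl_cert` are interpolated unquoted into the `sh -c` string, so a path containing whitespace or shell metacharacters changes the command that runs. The `if ! $apache_maxclients` default in the first hunk re-introduces the global-variable pattern that the ejabberd changes in this commit remove; a class parameter would be consistent.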


@ -104,8 +104,8 @@ KeepAliveTimeout 15
StartServers 8
MinSpareServers 5
MaxSpareServers 20
ServerLimit 256
MaxClients 256
ServerLimit <%= @apache_maxclients %>
MaxClients <%= @apache_maxclients %>
MaxRequestsPerChild 4000
</IfModule>


@ -103,8 +103,8 @@ KeepAliveTimeout 15
StartServers 8
MinSpareServers 5
MaxSpareServers 20
ServerLimit 256
MaxClients 256
ServerLimit <%= @apache_maxclients %>
MaxClients <%= @apache_maxclients %>
MaxRequestsPerChild 4000
</IfModule>


@ -103,8 +103,8 @@ KeepAliveTimeout 15
StartServers 8
MinSpareServers 5
MaxSpareServers 20
ServerLimit 256
MaxClients 256
ServerLimit <%= @apache_maxclients %>
MaxClients <%= @apache_maxclients %>
MaxRequestsPerChild 4000
</IfModule>


@ -0,0 +1,4 @@
SSLProxyEngine on
SSLProxyMachineCertificateFile <%= @ssl_bundle %>
SSLProxyCACertificateFile <%= @ssl_ca %>
SSLProxyVerify require
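Review bot: The template sets `SSLProxyVerify require` but leaves peer-name and expiry checking to the server's defaults, which differ between Apache 2.2 and 2.4; this repository appears to render for both, judging by the `apache::version` test in the ejabberd htaccess template. Where those checks default to off, any certificate issued by `@ssl_ca` is accepted for any backend host. Stating them explicitly makes the behaviour independent of the installed version: `SSLProxyCheckPeerCN on` and `SSLProxyCheckPeerExpire on`.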


@ -76,7 +76,14 @@ class cups::server($admin_group=undef, $manager_group=undef,
require ssl
package { [ "ghostscript", "system-config-printer" ]:
package { "system-config-printer":
ensure => installed,
name => $::operatingsystem ? {
"ubuntu" => "system-config-printer-gnome",
default => "system-config-printer",
},
}
package { "ghostscript":
ensure => installed,
}


@ -1,90 +1,162 @@
# Install ejabberd.
#
# === Global variables
# === Parameters
#
# $ejabberd_hosts:
# $collab:
# Boolean for enabling collab integration. Defaults to false.
#
# $package:
# Ejabberd package source. Required for collab integration.
#
# $hosts:
# Array of domains serverd by ejabberd. Defaults to [ "$homename" ].
#
# $ejabberd_admin:
# $admins:
# Array of users with admin privileges.
#
# $ejabberd_ssl_key:
# Path to SSL private key.
# $webhosts:
# Array of BOSH virtual hosts.
#
# $ejabberd_ssl_cert:
# Path to SSL certificate.
#
# $ejabberd_ssl_chain:
# Path to SSL certificate chain.
#
# $ejabberd_muclog_datadir:
# Path where to store chatroom logs. Disabled by default.
#
# $ejabberd_muclog_format:
# Chatroom log format. Valid values html or plaintext.
#
# $ejabberd_auth:
# $auth:
# Authentication method or array of multiple methods.
# Valid values internal, external or ldap. Defaults to internal.
#
# $ejabberd_extauth:
# $extauth:
# Path to external authentication command.
#
# $ejabberd_ldap_server:
# $muclog_datadir:
# Path where to store chatroom logs. Disabled by default.
#
# $muclog_format:
# Chatroom log format. Valid values html or plaintext.
#
# $ssl_key:
# Path to SSL private key.
#
# $ssl_cert:
# Path to SSL certificate.
#
# $ssl_chain:
# Path to SSL certificate chain.
#
# $ldap_server:
# Array of LDAP authentication servers.
#
# $ejabberd_ldap_basedn:
# $ldap_basedn:
# LDAP base dn.
#
# $ejabberd_ldap_encrypt:
# $ldap_encrypt:
# LDAP encryption. Defaults to "tls".
#
# $ejabberd_ldap_port:
# $ldap_port:
# LDAP port. Defaults to 636.
#
# $ejabberd_ldap_uidattr:
# $ldap_uid:
# LDAP UID attribute. Defaults to "uid".
#
# $ejabberd_ldap_binddn:
# $ldap_rootdn:
# Optional bind DN.
#
# $ejabberd_ldap_bindpw:
# $ldap_password:
# Bind DN password.
#
class ejabberd {
class ejabberd(
$collab=false,
$package=undef,
$hosts=[$::homename],
$admins=[],
$webhosts=undef,
$auth="internal",
$extauth=undef,
$muclog_datadir=undef,
$muclog_format="plaintext",
$ssl_key="${::puppet_ssldir}/private_keys/${::homename}.pem",
$ssl_cert="${::puppet_ssldir}/certs/${::homename}.pem",
$ssl_chain=undef,
$ldap_server=undef,
$ldap_basedn=undef,
$ldap_encrypt="tls",
$ldap_port="636",
$ldap_uid="uid",
$ldap_rootdn=undef,
$ldap_password=undef
) {
require erlang
include user::system
realize(User["ejabberd"], Group["ejabberd"])
if !$ejabberd_hosts {
$ejabberd_hosts = [ $homename ]
}
if !$ejabberd_admin {
$ejabberd_admin = []
}
if !$ejabberd_auth {
$ejabberd_auth = "internal"
if ! ($muclog_format in [ "html", "plaintext" ]) {
fail("Invalid value ${muclog_format} for muclog_format")
}
if !$ejabberd_ldap_encrypt {
$ejabberd_ldap_encrypt = "tls"
}
if !$ejabberd_ldap_port {
$ejabberd_ldap_port = "636"
}
if !$ejabberd_ldap_uidattr {
$ejabberd_ldap_uidattr = "uid"
}
case $ejabberd_muclog_format {
"","html","plaintext": { }
case $::operatingsystem {
"centos","redhat","fedora": {
$package_provider = "rpm"
}
"debian","ubuntu": {
$package_provider = "dpkg"
}
default: {
fail("Invalid value ${ejabberd_muclog_format} for \$ejabberd_muclog_format.")
fail("ejabberd not supported on ${::operatingsystem}.")
}
}
if $package and versioncmp($package, "ejabberd-13.10") >= 0 {
$config = "ejabberd.yml"
} else {
$config = "ejabberd.cfg"
}
if $collab == true {
if ! $package {
fail("Must define package for collab integration")
}
file { "/usr/local/src/${package}":
ensure => present,
mode => "0644",
owner => "root",
group => "root",
source => "puppet:///files/packages/${package}",
before => Package["ejabberd"],
}
Package["ejabberd"] {
provider => $package_provider,
source => "/usr/local/src/${package}",
}
exec { "usermod-ejabberd":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
command => "usermod -a -G collab ejabberd",
unless => "id -n -G ejabberd | grep '\\bcollab\\b'",
require => [ User["ejabberd"], Group["collab"] ],
notify => Service["ejabberd"],
}
Service["ejabberd"] {
require => Class["wiki::collab"],
}
if $muclog_datadir {
file { $muclog_datadir:
ensure => directory,
mode => "2770",
owner => "collab",
group => "collab",
require => User["collab"],
before => Service["ejabberd"],
}
}
}
package { "ejabberd":
ensure => installed,
ensure => $collab ? {
true => latest,
default => installed,
},
require => [ User["ejabberd"], Group["ejabberd"] ],
}
@ -96,16 +168,9 @@ class ejabberd {
include ssl
if !$ejabberd_ssl_key {
$ejabberd_ssl_key = "${puppet_ssldir}/private_keys/${homename}.pem"
}
if !$ejabberd_ssl_cert {
$ejabberd_ssl_cert = "${puppet_ssldir}/certs/${homename}.pem"
}
file { "${ssl::private}/ejabberd.key":
ensure => present,
source => $ejabberd_ssl_key,
source => $ssl_key,
mode => "0600",
owner => "root",
group => "root",
@ -113,16 +178,16 @@ class ejabberd {
}
file { "${ssl::certs}/ejabberd.crt":
ensure => present,
source => $ejabberd_ssl_cert,
source => $ssl_cert,
mode => "0644",
owner => "root",
group => "root",
notify => Exec["generate-ejabberd-pem"],
}
if $ejabberd_ssl_chain {
if $ssl_chain {
file { "${ssl::certs}/ejabberd.chain.crt":
ensure => present,
source => $ejabberd_ssl_chain,
source => $ssl_chain,
mode => "0644",
owner => "root",
group => "root",
@ -150,12 +215,12 @@ class ejabberd {
require => Package["ejabberd"],
}
file { "/etc/ejabberd/ejabberd.cfg":
file { "/etc/ejabberd/${config}":
ensure => present,
mode => "0640",
owner => "root",
group => "ejabberd",
content => template("ejabberd/ejabberd.cfg.erb"),
content => template("ejabberd/${config}.erb"),
require => Package["ejabberd"],
notify => Service["ejabberd"],
}
@ -164,24 +229,17 @@ class ejabberd {
"debian", "ubuntu": {
augeas { "set-ejabberd-default":
context => "/files/etc/default/ejabberd",
changes => [ "set POLL true",
"set SMP auto", ],
changes => [ "set POLL true", "set SMP auto" ],
require => Package["ejabberd"],
notify => Service["ejabberd"],
}
}
default: { }
}
$htdocs = "/usr/share/ejabberd/htdocs"
define configwebhost($htdocs) {
file { "/srv/www/https/${name}/bosh":
ensure => link,
target => $htdocs,
require => File["/srv/www/https/${name}"],
}
}
if $ejabberd_webhosts {
if $webhosts {
include apache::mod::proxy
include apache::mod::proxy_http
include apache::mod::rewrite
@ -199,8 +257,7 @@ class ejabberd {
mode => "0644",
owner => "root",
group => "root",
source => "puppet:///modules/ejabberd/htaccess",
require => File[$htdocs],
content => template("ejabberd/htaccess.erb"),
}
apache::configfile { "ejabberd.conf":
@ -213,7 +270,7 @@ class ejabberd {
proto => "tcp",
}
configwebhost { $ejabberd_webhosts:
ejabberd::configwebhost { $webhosts:
htdocs => $htdocs,
}
}
@ -221,68 +278,13 @@ class ejabberd {
}
# Install ejabberd with collab customizations.
# Enable bosh on virtual host.
#
# === Global variables
#
# $ejabberd_package:
# Name of ejabberd package with collab patches.
#
class ejabberd::collab inherits ejabberd {
define ejabberd::configwebhost($htdocs) {
if !$ejabberd_package {
fail("Must define \$ejabberd_package")
}
exec { "usermod-ejabberd":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
command => "usermod -a -G collab ejabberd",
unless => "id -n -G ejabberd | grep '\\bcollab\\b'",
require => [ User["ejabberd"], Group["collab"] ],
}
case $::operatingsystem {
"centos","redhat","fedora": {
package { ["erlang", "erlang-esasl"]:
ensure => installed,
before => Package["ejabberd"],
}
}
"debian","ubuntu": {
package { ["erlang", "erlang-base"]:
ensure => installed,
before => Package["ejabberd"],
}
}
}
file { "/usr/local/src/${ejabberd_package}":
ensure => present,
mode => "0644",
owner => "root",
group => "root",
source => "puppet:///files/packages/${ejabberd_package}",
before => Package["ejabberd"],
}
Package["ejabberd"] {
provider => $::operatingsystem ? {
"centos" => "rpm",
"redhat" => "rpm",
"fedora" => "rpm",
"debian" => "dpkg",
"ubuntu" => "dpkg",
},
source => "/usr/local/src/${ejabberd_package}",
}
if $ejabberd_muclog_datadir {
file { $ejabberd_muclog_datadir:
ensure => directory,
mode => "2770",
owner => "collab",
group => "collab",
require => User["collab"],
before => Service["ejabberd"],
}
file { "/srv/www/https/${name}/bosh":
ensure => link,
target => $htdocs,
}
}
@ -290,40 +292,35 @@ class ejabberd::collab inherits ejabberd {
# Install ejabberd backup cron script.
#
# === Global variables
# === Parameters
#
# $ejabberd_backup_datadir:
# Path where to store the backups.
# $datadir:
# Path where to store the backups. Defaults to "/srv/ejabberd-backup".
#
class ejabberd::backup {
class ejabberd::backup($datadir="/srv/ejabberd-backup") {
if ! $ejabberd_backup_datadir {
$ejabberd_backup_datadir = "/srv/ejabberd-backup"
}
file { $ejabberd_backup_datadir:
ensure => directory,
mode => "0700",
owner => "root",
group => "root",
file { $datadir:
ensure => directory,
mode => "0700",
owner => "root",
group => "root",
}
file { "/usr/local/sbin/ejabberd-backup":
ensure => present,
content => template("ejabberd/ejabberd-backup.erb"),
mode => "0755",
owner => "root",
group => "root",
content => template("ejabberd/ejabberd-backup.erb"),
}
cron { "ejabberd-backup":
ensure => present,
command => "/usr/local/sbin/ejabberd-backup",
user => "root",
minute => 15,
hour => 21,
require => File[ $ejabberd_backup_datadir,
"/usr/local/sbin/ejabberd-backup" ],
minute => "15",
hour => "21",
require => File[$datadir, "/usr/local/sbin/ejabberd-backup"],
}
}
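Review bot: `$muclog_datadir` is a parameter of the base class and both config templates enable `mod_muc_log` whenever it is set, but the directory resource (mode `2770`, owner `collab`) is declared only inside `if $collab == true`. With `collab => false` the chat-log directory is left to whatever ejabberd creates at run time, so its ownership and permissions are outside Puppet's control; either reject the combination with `fail("muclog_datadir requires collab")` or manage the directory outside the collab branch with an owner that exists in that case. Separately, `versioncmp($package, "ejabberd-13.10")` compares a package file name rather than a version, which holds only while the name starts with `ejabberd-`; a comment stating that assumption would help the next reader.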


@ -25,7 +25,7 @@
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
DESTDIR="<%= @ejabberd_backup_datadir %>"
DESTDIR="<%= @datadir %>"
if [ ! -d ${DESTDIR} ]; then
echo "ERR: ejabberd backup directory [${DESTDIR}] does not exist" 1>&2


@ -89,8 +89,8 @@ override_acls.
%% You can define one or several, for example:
%% {hosts, ["example.net", "example.com", "example.org"]}.
%%
<% @ejabberd_hosts.map! { |host| '"%s"' % host } -%>
{hosts, [<%= @ejabberd_hosts.join(", ") %>]}.
<% @hosts.map! { |host| '"%s"' % host } -%>
{hosts, [<%= @hosts.join(", ") %>]}.
%%
%% route_subdomains: Delegate subdomains to other XMPP servers.
@ -213,25 +213,25 @@ override_acls.
%%%. ==============
%%%' AUTHENTICATION
<% if @ejabberd_auth.is_a?(Array) -%>
{auth_method, [<%= @ejabberd_auth.join(", ") %>]}.
<% if @auth.is_a?(Array) -%>
{auth_method, [<%= @auth.join(", ") %>]}.
<% else -%>
{auth_method, <%= @ejabberd_auth %>}.
{auth_method, <%= @auth %>}.
<% end -%>
<% if @ejabberd_extauth -%>
{extauth_program, "<%= @ejabberd_extauth %>"}.
<% if @extauth -%>
{extauth_program, "<%= @extauth %>"}.
<% end -%>
<% if @ejabberd_ldap_server -%>
<% @ejabberd_ldap_server.map! { |server| '"%s"' % server } -%>
{ldap_servers, [<%= @ejabberd_ldap_server.join(", ") %>]}.
{ldap_base, "<%= @ejabberd_ldap_basedn %>"}.
{ldap_encrypt, <%= @ejabberd_ldap_encrypt %>}.
{ldap_port, <%= @ejabberd_ldap_port %>}.
{ldap_uids, [{"<%= @ejabberd_ldap_uidattr %>", "%u"}]}.
<% if @ldap_server -%>
<% @ldap_server.map! { |server| '"%s"' % server } -%>
{ldap_servers, [<%= @ldap_server.join(", ") %>]}.
{ldap_base, "<%= @ldap_basedn %>"}.
{ldap_encrypt, <%= @ldap_encrypt %>}.
{ldap_port, <%= @ldap_port %>}.
{ldap_uids, [{"<%= @ldap_uid %>", "%u"}]}.
{ldap_filter, "(!(loginShell=/sbin/nologin))"}.
<% if @ejabberd_ldap_binddn -%>
{ldap_rootdn, "<%= @ejabberd_ldap_binddn %>"}.
{ldap_password, "<%= @ejabberd_ldap_bindpw %>"}.
<% if @ldap_rootdn and @ldap_password -%>
{ldap_rootdn, "<%= @ldap_rootdn %>"}.
{ldap_password, "<%= @ldap_password %>"}.
<% end -%>
<% end -%>
@ -391,7 +391,7 @@ override_acls.
%%
%%{acl, admin, {user, "aleksey", "localhost"}}.
%%{acl, admin, {user, "ermine", "example.org"}}.
<% @ejabberd_admin.each do |admin|
<% @admins.each do |admin|
user, host = admin.split("@") -%>
{acl, admin, {user, "<%= user %>", "<%= host %>"}}.
<% end -%>
@ -429,7 +429,7 @@ user, host = admin.split("@") -%>
%%%' ACCESS RULES
%% Maximum number of simultaneous sessions allowed for a single user:
{access, max_user_sessions, [{100, all}]}.
{access, max_user_sessions, [{1000, all}]}.
%% Maximum number of offline messages that users can have:
{access, max_user_offline_messages, [{5000, admin}, {100, all}]}.
@ -554,29 +554,26 @@ user, host = admin.split("@") -%>
{max_users, 1000},
{max_user_conferences, 2500},
{default_room_options,
[
[
{allow_user_invites, true},
{anonymous, false},
{public, false},
<% if @ejabberd_muclog_datadir -%>
{logging, true}
<% if @muclog_datadir -%>
{logging, true},
<% else -%>
{logging, false}
{logging, false},
<% end -%>
{max_users, 1000}
]
}
]},
%%{mod_muc_log,[]},
<% if @ejabberd_muclog_datadir -%>
<% if @muclog_datadir -%>
{mod_muc_log, [
{access_log, muc},
{outdir, "<%= @ejabberd_muclog_datadir %>"},
{dirtype, subdirs},
<% if @ejabberd_muclog_format -%>
{file_format, <%= @ejabberd_muclog_format %>},
<% end -%>
{cssfile, false},
{top_link, {"/jabber-logs/", "Back to Logs"}}
{access_log, muc_admin},
{file_format, <%= @muclog_format %>},
{outdir, "<%= @muclog_datadir %>"},
{timezone, universal}
]},
<% end -%>
{mod_offline, [{access_max_user_messages, max_user_offline_messages}]},
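Review bot: The new guard `<% if @ldap_rootdn and @ldap_password -%>` drops both settings when only one is given, so a manifest that sets `ldap_rootdn` but omits `ldap_password` silently renders a config with no bind credentials instead of failing. The same condition appears in the YAML template added later in this commit. A check in the class, e.g. `if $ldap_rootdn and ! $ldap_password { fail("ldap_password is required when ldap_rootdn is set") }`, would surface the mistake at compile time. `@auth`, `@ldap_encrypt` and `@ldap_port` are written into the file unquoted and, unlike `$muclog_format`, are not validated in the manifest.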


@ -0,0 +1,183 @@
loglevel: 4
hosts:
<% @hosts.each do |host| -%>
- "<%= host %>"
<% end -%>
listen:
-
port: 5222
module: ejabberd_c2s
max_stanza_size: 655360
shaper: c2s_shaper
access: c2s
starttls_required: true
certfile: "/etc/ejabberd/ejabberd.pem"
-
port: 5223
module: ejabberd_c2s
max_stanza_size: 655360
shaper: c2s_shaper
access: c2s
tls: true
certfile: "/etc/ejabberd/ejabberd.pem"
-
port: 5269
module: ejabberd_s2s_in
max_stanza_size: 1310720
shaper: s2s_shaper
-
port: 5280
module: ejabberd_http
web_admin: true
http_poll: true
http_bind: true
s2s_access: s2s
s2s_certfile: "/etc/ejabberd/ejabberd.pem"
s2s_use_starttls: required
<% if @auth.is_a?(Array) -%>
auth_method:
<% @auth.each do |method| -%>
- <%= method %>
<% end -%>
<% else -%>
auth_method: <%= @auth %>
<% end -%>
<% if @extauth -%>
extauth_program: "<%= @extauth %>"
<% end -%>
<% if @ldap_server -%>
ldap_base: "<%= @ldap_basedn %>"
ldap_encrypt: <%= @ldap_encrypt %>
ldap_filter: "(!(loginShell=/sbin/nologin))"
ldap_port: <%= @ldap_port %>
ldap_servers:
<% @ldap_server.each do |server| -%>
- "<%= server %>"
<% end -%>
ldap_uids:
- "<%= @ldap_uid %>": "%u"
<% if @ldap_rootdn and @ldap_password -%>
ldap_rootdn: "<%= @ldap_rootdn %>"
ldap_password: "<%= @ldap_password %>"
<% end -%>
<% end -%>
shaper:
c2s: 655360
s2s: 1310720
max_fsm_queue: 10000
acl:
<% if @admins -%>
admin:
user:
<% @admins.each do |admin|
user, host = admin.split("@") -%>
- "<%= user %>": "<%= host %>"
<% end -%>
<% end -%>
local:
user_regexp: ""
loopback:
ip:
- "127.0.0.0/8"
access:
announce:
admin: allow
c2s:
all: allow
c2s_shaper:
all: c2s
configure:
admin: allow
local:
local: allow
max_user_offline_messages:
admin: 1000
all: 100
max_user_sessions:
all: 1000
muc:
local: allow
muc_admin:
admin: allow
muc_create:
local: allow
pubsub_createnode:
local: allow
register:
all: deny
s2s:
all: allow
s2s_shaper:
all: s2s
trusted_network:
loopback: allow
language: "en"
modules:
mod_adhoc: {}
mod_admin_extra: {}
mod_announce:
access: announce
mod_blocking: {}
mod_caps: {}
mod_carboncopy: {}
mod_configure: {}
mod_disco: {}
mod_http_bind: {}
mod_last: {}
mod_muc:
access: muc
access_admin: muc_admin
access_create: muc_create
access_persistent: muc_create
history_size: 100
max_users: 1000
max_user_conferences: 2000
default_room_options:
allow_user_invites: true
anonymous: false
<% if @muclog_datadir -%>
logging: true
<% else -%>
logging: false
<% end -%>
max_users: 1000
members_by_default: false
members_only: true
public: false
public_list: false
<% if @muclog_datadir -%>
mod_muc_log:
access_log: muc_admin
file_format: <%= @muclog_format %>
outdir: "<%= @muclog_datadir %>"
timezone: universal
<% end -%>
mod_offline:
access_max_user_messages: max_user_offline_messages
mod_ping: {}
mod_privacy: {}
mod_private: {}
mod_pubsub:
access_createnode: pubsub_createnode
ignore_pep_from_offline: true
last_item_cache: false
plugins:
- "flat"
- "hometree"
- "pep"
mod_roster: {}
mod_shared_roster: {}
mod_stats: {}
mod_time: {}
mod_vcard: {}
mod_version: {}
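Review bot: The `port: 5280` listener enables `web_admin: true` together with `http_bind` and `http_poll`, with no `tls` and no `ip` restriction, so unless something outside this file limits it the admin interface is served in clear text on every address the daemon binds by default. The only consumer visible in this commit is the Apache rewrite to `http://localhost:5280/http-bind/`; if nothing else needs direct access, adding `ip: "127.0.0.1"` to that listener keeps it off the network. `<% if @admins -%>` is always true for the default `[]`, because an empty array is truthy in Ruby, which renders an `admin:`/`user:` entry with no members; `<% if @admins and !@admins.empty? -%>` expresses the intent.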


@ -1,3 +1,6 @@
<% if scope.lookupvar('apache::version') == '2.4' -%>
DirectoryIndex disabled
<% end -%>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^(.*)$ http://localhost:5280/http-bind/$1 [P,L]

21
erlang/manifests/init.pp Normal file

@ -0,0 +1,21 @@
# Install erlang.
#
class erlang {
case $::operatingsystem {
'centos','redhat','fedora': {
package { 'erlang':
ensure => installed,
}
}
'debian','ubuntu': {
package { [ 'erlang', 'erlang-base' ]:
ensure => installed,
}
}
default: {
fail("erlang not supported on ${::operatingsystem}.")
}
}
}


@ -13,8 +13,8 @@ class gnu::gcc {
case $::operatingsystem {
'debian', 'ubuntu': {
package { "kernel-headers":
name => "linux-libc-dev",
ensure => installed,
name => "linux-libc-dev",
}
}
default: {


@ -27,12 +27,13 @@ else
fi
VERBOSE=0
NOOP=""
EXTRA_OPTS=""
while getopts "vhl" c ; do
while getopts "vhln" c ; do
case $c in
v)
VERBOSE=1
EXTRA_OPTS="-v --progress"
EXTRA_OPTS="${EXTRA_OPTS} -v --progress"
;;
h)
usage
@ -45,6 +46,14 @@ while getopts "vhl" c ; do
done
exit 0
;;
n)
NOOP=" (DRY RUN)"
EXTRA_OPTS="${EXTRA_OPTS} -n"
;;
*)
usage
exit 1
;;
esac
done
@ -98,7 +107,7 @@ for mirror in ${SYNC} ; do
echo "ERR: No SRC set for mirror ${mirror} ..." 1>&2
exit 1
fi
logmsg "Starting ${mirror} sync ..."
logmsg "Starting ${mirror} sync${NOOP}..."
rsync -aH -4 ${EXTRA_OPTS} --numeric-ids --delete --delete-delay \
--delay-updates --no-motd ${RSYNCOPTS} --log-file=${LOGFILE} \
--exclude=.~tmp~/ ${SRC} /srv/mirrors/${mirror}/
@ -106,7 +115,7 @@ for mirror in ${SYNC} ; do
if [ ${STATUS} -ne 0 ]; then
echo "WARN: Encountered errors on ${mirror} sync, see ${LOGFILE} for details" 1>&2
fi
logmsg "Finished ${mirror} sync with exit status ${STATUS} ..."
logmsg "Finished ${mirror} sync with exit status ${STATUS}${NOOP} ..."
if [ "${POSTCMD}" != "" ]; then
logmsg "Running post for ${mirror} ..."
${POSTCMD} 2>&1 | awk \
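Review bot: The new `-n` option only appends `-n` to the rsync options; the `POSTCMD` block at the end of the last hunk is not guarded, so a dry run still executes the post-sync command. Guarding it on the flag, `if [ "${POSTCMD}" != "" ] && [ -z "${NOOP}" ]; then`, keeps a dry run free of side effects. The two log messages also format the marker differently (`sync${NOOP}...` versus `${STATUS}${NOOP} ...`), which makes them harder to grep for. The loop body continues past the end of this hunk.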


@ -1,9 +1,9 @@
include $(CURDIR)/../Makefile.inc
VERSION = 1.2.4
VERSION = 1.2.9
TARGET = murmur-static_x86-$(VERSION).tar.bz2
SOURCE = http://downloads.sourceforge.net/project/mumble/Mumble/$(VERSION)/murmur-static_x86-$(VERSION).tar.bz2
SOURCE = https://github.com/mumble-voip/mumble/releases/download/$(VERSION)/murmur-static_x86-$(VERSION).tar.bz2
all: download manifest
download: $(PACKAGES)/$(TARGET)
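Review bot: Moving `SOURCE` to an HTTPS release URL protects the transfer, but nothing in this hunk pins what is downloaded: no digest for `murmur-static_x86-$(VERSION).tar.bz2` is visible. The recipe that fetches `$(PACKAGES)/$(TARGET)` is presumably in `Makefile.inc`, outside this hunk, so this may already be handled there. If it is not, recording the expected SHA-256 next to `VERSION` and verifying it after download would make each version bump reviewable.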


@ -13,10 +13,12 @@ class nginx(
$user = '_nginx'
$group = '_nginx'
}
$logdir = '/var/www/logs'
}
default: {
$user = 'nginx'
$group = 'nginx'
$logdir = '/var/log/nginx'
}
}


@ -2,6 +2,8 @@ user <%= @user %>;
worker_processes <%= @workers %>;
worker_rlimit_nofile 1024;
error_log <%= @logdir %>/error.log;
events {
worker_connections 1024;
}
@ -10,6 +12,8 @@ http {
include mime.types;
default_type application/octet-stream;
access_log <%= @logdir %>/access.log combined;
server_tokens off;
include conf.d/*.conf;


@ -18,6 +18,9 @@
# $maildir:
# Directory in user home for INBOX. Defaults to "Mail".
#
# $config:
# Path to custom configuration file.
#
# $custom:
# Array of custom accept/reject rules.
#
@ -39,6 +42,7 @@ class smtpd(
$listen=false,
$gecos=true,
$maildir="Mail",
$config=undef,
$custom=undef,
$domains=undef,
$virtuals=undef,
@ -130,6 +134,15 @@ class smtpd(
include ssl
if $config {
$content = undef
} else {
$content = $listen ? {
true => template("smtpd/server.conf.erb"),
default => template("smtpd/client.conf.erb"),
}
}
file { "${confdir}/smtpd.conf":
ensure => present,
mode => "0644",
@ -138,10 +151,8 @@ class smtpd(
"openbsd" => "wheel",
default => "root",
},
content => $listen ? {
true => template("smtpd/server.conf.erb"),
default => template("smtpd/client.conf.erb"),
},
source => $config,
content => $content,
notify => Service[$service],
}
@ -154,21 +165,7 @@ class smtpd(
},
}
if $listen == true {
include procmail
procmail::rc { "00-default.rc":
content => "MAILDIR=\$HOME/${maildir}\nDEFAULT=\$MAILDIR/INBOX\n",
}
file { [ "/root/${maildir}", "/etc/skel/${maildir}" ]:
ensure => directory,
mode => "0700",
owner => "root",
group => "wheel",
before => Service["smtpd"],
}
if $listen == true or $config {
file { "${ssl::private}/smtpd.key":
ensure => present,
mode => "0600",
@ -185,6 +182,22 @@ class smtpd(
source => $ssl_cert,
notify => Service["smtpd"],
}
}
if $listen == true {
include procmail
procmail::rc { "00-default.rc":
content => "MAILDIR=\$HOME/${maildir}\nDEFAULT=\$MAILDIR/INBOX\n",
}
file { [ "/root/${maildir}", "/etc/skel/${maildir}" ]:
ensure => directory,
mode => "0700",
owner => "root",
group => "wheel",
before => Service["smtpd"],
}
if $gecos == true {
file { "/usr/local/sbin/generate-smtpd-gecos.sh":